You will want to change your personal Amazon account password immediately and make it very secure and very strong, especially if you share the username for your residential Amazon deliveries with your AWS console. Treat your Amazon and AWS root user accounts like a precious gold bar. Because if you lose possession of it, then your goose is, indeed, cooked.

If you run your own business, you may want to associate your AWS root user account with a business account. Make sure that only you, the business owner, have access to this account.

Learn about AWS security and the Identity and Access Management interface, otherwise known as IAM. Get a deep dive; I recommend this a lot.

Store the AWS root password in a cyber vault such as a very secure LastPass account that only you can access with a few trusted left tenants (lieutenants, USA).

Create for yourself a read-only user that lets you look at things without accidentally destroying important things like EC clusters, groups, instances, networks and VPCs, security groups, databases, and resources.

Create separate IAM Users and IAM Groups. For example, you may want to create EC2 instance users and groups, which allow trusted people to start and stop instances. You may want to create another set of users who can only access database instances such as RDS, Aurora, and MySQL.

Learn about IAM Roles, which give you the option of allowing power users to assume roles. For example, you might create an Administrator group and allow trusted Platform Engineers and DevOps technical leads (vis-a-vis Anchors) to become an Administrator.

Create IAM Roles with multiple managed policies. Amazon has this concept of managed policies for each service that they have in the AWS platform. So, for example, you provision an EC2 instance with roles so that it launches with enough permissions. You need the policies AWSCodeDeployFullAccess, AmazonInspectorFullAccess, AmazonEC2RoleforSSM and AmazonEC2ReadOnlyAccess. If you want EC2 instances attached to the IAM Role to also access the S3 service, then you have to add additional policies for the other service(s). You can add the AmazonS3ReadOnlyAccess policy to the custom IAM Role. This allows an EC2 instance with a web server to synchronize a static web site with the data on S3. Of course, you will not need a script to synchronise the data first at launch time. The benefit of IAM Roles is that they share no secrets; they only provide permissions. Roles can be granted temporarily to users and systems.

If you are going to secure your AWS account, you definitely want to learn about monitoring AWS beforehand. So delve into the CloudFront and CloudWatch material.

Re-evaluate the default AWS IAM password policy and follow the advanced user advice from AWS. Once you are really good at AWS, follow the advice to remove your root access keys. Enable password expiration and set expiration periods. Maybe you want to expire passwords every 3 months, or maybe you prefer 6 months. It depends on your situation (and, of course, your institution).
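
One way to check the root access key and password expiration advice above against an account is to audit the IAM credential report. This is an added example, not part of the original post; the sample rows are constructed, and the 90-day limit and the finding names are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_PASSWORD_AGE = timedelta(days=90)  # assumption: the 3-month choice; use 180 for 6 months

# Constructed sample: a subset of the columns in the CSV credential report
# (aws iam generate-credential-report, then aws iam get-credential-report).
SAMPLE_REPORT = """\
user,password_enabled,password_last_changed,password_next_rotation,access_key_1_active,access_key_2_active
<root_account>,not_supported,not_supported,not_supported,true,false
readonly-me,true,2024-05-20T09:00:00+00:00,2024-08-18T09:00:00+00:00,false,false
db-operator,true,2023-11-02T14:30:00+00:00,N/A,true,false
deploy-bot,false,N/A,N/A,true,false
"""

def parse_time(value):
    """Return an aware datetime, or None for N/A, not_supported and similar."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now):
    """Return (user, finding) pairs for root access keys and password expiry."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_key = "true" in (row["access_key_1_active"], row["access_key_2_active"])
        if user == "<root_account>" and has_key:
            findings.append((user, "root_access_key_active"))
        if row["password_enabled"] != "true":
            continue  # no console password (root reports not_supported)
        if parse_time(row["password_next_rotation"]) is None:
            findings.append((user, "no_password_expiration"))
        changed = parse_time(row["password_last_changed"])
        if changed is not None and now - changed > MAX_PASSWORD_AGE:
            findings.append((user, "password_older_than_limit"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: {finding}")
```

A real report has more columns than the sample; the function reads only the ones named here, so the full CSV can be passed in unchanged.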